CN114338244A - Equipment network behavior classification recording method and device and backtracking evidence-proving method and device - Google Patents
Equipment network behavior classification recording method and device and backtracking evidence-proving method and device Download PDFInfo
- Publication number
- CN114338244A CN114338244A CN202210228755.1A CN202210228755A CN114338244A CN 114338244 A CN114338244 A CN 114338244A CN 202210228755 A CN202210228755 A CN 202210228755A CN 114338244 A CN114338244 A CN 114338244A
- Authority
- CN
- China
- Prior art keywords
- network
- protocol
- data packet
- service
- network behavior
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 42
- 238000010276 construction Methods 0.000 claims abstract description 5
- 238000007726 management method Methods 0.000 claims description 46
- 238000012545 processing Methods 0.000 claims description 15
- 230000003993 interaction Effects 0.000 claims description 12
- 239000003999 initiator Substances 0.000 claims description 6
- 238000013507 mapping Methods 0.000 claims description 4
- 238000013523 data management Methods 0.000 claims description 3
- 230000006399 behavior Effects 0.000 abstract description 90
- 238000004458 analytical method Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000019771 cognition Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a method and a device for recording equipment network behaviors and a method and a device for backtracking and testifying, which are used for acquiring original network data packets of various equipment in a service network in real time; classifying and identifying the original network data packet to obtain a protocol and management data packet and a service application data packet; storing the protocol and management data packet into the data table of the protocol identifier corresponding to the data packet by taking each protocol identifier as a data table name; and storing the service application data packet into the data table of the service link identifier corresponding to the data packet by taking each service link identifier as a data table name. The method is different from the traditional network data acquisition and recording method in that the data packets are classified and recorded according to the IP protocol family, so that the fast construction of a behavior main line of the network equipment is realized, and further, the key events can be fast inquired. The traditional network data acquisition and recording method can only realize the query of data packets and cannot provide quick and convenient query support for network behaviors.
Description
Technical Field
The invention belongs to the field of computer network security, and particularly relates to a method and a device for recording equipment network behaviors and a method and a device for backtracking and testifying.
Background
With the rapid development and popularization of internet technology, network interconnection has been deeply penetrated into our lives and works. The network security issues that follow are privacy and property security for the home and business privacy security for the enterprise. The biggest source of network security problems, as counted by the relevant security agencies, is the result of inadvertent or deliberate operation by internal personnel. By effectively recording the network behavior of the equipment and quickly backtracking and checking, powerful evidence can be provided for follow-up problem investigation and responsibility confirmation.
According to the IP network model, the equipment network behavior data is encapsulated by an application layer, a transmission layer, a network layer and a link layer in sequence. Currently, there are two main categories of network analysts in common use: firstly, link layer analysis tools represented by Wireshark and Sniffer have weak analysis capability on other levels of data and high use complexity; and secondly, a special analysis tool (such as QQ, IE and the like) developed aiming at special application layer software is only suitable for related application products, and the universality is poor.
Under the guidance of a new generation of internet cluster technology represented by docker, network communication gets rid of the traditional point-to-point mode of fixed mac addresses and fixed IP addresses, and the network behavior of equipment cannot be effectively shown on the basis of a link layer and a network layer; the traditional cognition of people to the application layer APP is also overturned by the interest of novel application APP development technologies such as nodejs, html5 and python. Retrospective analysis of device network behavior must be adapted to these new internet technologies.
Disclosure of Invention
The invention provides a method and a device for recording equipment network behaviors, aiming at the technical problem of how to record the equipment network behaviors aiming at various network applications, so that the equipment network behaviors can be quickly backtracked and analyzed.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows:
a device network behavior recording method comprises the following steps:
step 1: acquiring original network data packets of various devices in a service network in real time;
step 2: classifying and identifying original network data packets according to IP protocol family classification to obtain protocol and management data packets and service application data packets;
and step 3: establishing a protocol interaction characteristic index for each protocol and management data packet according to the protocol context relationship, taking each protocol identifier as a data table name, and storing the protocol and management data packet into a data table of the protocol identifier corresponding to the data packet; and establishing a service link characteristic index for each service application data packet according to the service type and the context relationship, taking each service link identifier as a data table name, and storing the service application data packet into a data table of the service link identifier corresponding to the data packet.
Further, the protocol interaction feature index is time, an initiator device MAC address, an initiator device IP address, a feedback device MAC address, and a feedback device IP address.
Further, the protocol identifications are ARP, ICMP, RIP, OSPF, BGP, DHCP, DNS, and SNMP.
Further, the service link characteristic index is time, a service network device MAC address, a service network device IP address, a service network device link port, an internet device IP address, an internet device domain name, a transport protocol, and an external network device service port.
Further, the service link identifier is an intranet device MAC + IP address.
Further, the data table identified by each protocol as a table name and the data table identified by each service link as a table name are both stored in a network behavior database, which is a nosql type database.
The invention also provides a device for recording the network behavior of the equipment, which comprises the following modules:
a network data capturing module: the system is used for capturing original network data packets of various devices in a service network in real time;
a packet classification module: the system is used for classifying and identifying the original network data packet according to IP protocol family classification to obtain a protocol and management data packet and a service application data packet;
protocol and management packet processing module: the system comprises a database, a management data packet and a database, wherein the database is used for storing a protocol context relationship;
a service application data packet processing module: the system is used for establishing a service link characteristic index for each service application data packet according to the service type and the context relationship;
the network behavior data management module: the system is used for establishing a network behavior database, creating a data table with each protocol identifier as a data table name and a data table with each service link identifier as a data table name, storing a protocol and management data packet with the protocol interaction characteristics as an index in the data table with the protocol identifier corresponding to the index as the data table name, and storing a service application data packet with the service link characteristics as the index in the data table with the service link identifier corresponding to the index as the data table name.
The invention also provides a device network behavior backtracking testifying method, which uses the device network behavior recording device and comprises the following steps:
step 1: acquiring a protocol and a management data packet related to each network device from a network behavior database, associating the protocol and the management data packet with a service application data packet of the corresponding network device, and obtaining a network behavior main line of each network device by taking time as a main axis;
step 2: acquiring query conditions of a user, wherein the query conditions are protocols and management data packets corresponding to network equipment, and the query conditions are used for querying the network equipment corresponding to the protocols and the management data packets to be queried from a network behavior database and mapping the network equipment to a network behavior main line of the network equipment;
and step 3: according to the network behavior mainline of the network equipment, the whole process of the external network behavior of the network equipment is traced back, key network events are positioned, the service application data content of the application layer network is extracted, and further the network behavior of the equipment is proved.
The invention also provides a device for backtracking and testifying the network behavior of the equipment, which comprises the following modules:
a network behavior main line construction module: the system comprises a network behavior database, a data processing module and a data processing module, wherein the data processing module is used for acquiring a protocol and a management data packet related to each network device from the network behavior database, associating the protocol and the management data packet with a service application data packet of the network device corresponding to the protocol and the management data packet, and obtaining a network behavior main line of each network device by taking time as a main axis;
the query module: the query condition is a network behavior data packet corresponding to the network equipment, the network equipment corresponding to the network behavior data packet to be queried is obtained by querying from a network behavior database and is mapped to a network behavior main line of the network equipment;
backtracking testimony module: the device is used for backtracking the whole process of the external network behavior of the network device according to the network behavior mainline of the network device inquired by the inquiry module, positioning a key network event, extracting the service application data content of an application layer network, and further proving the network behavior of the device.
By adopting the technical scheme, the invention has the following beneficial effects:
according to the device network behavior recording method and device and the backtracking proof method and device, the network behavior main line of the device is constructed through the classified recording of the network data, so that a clear backtracking mechanism can be established, and further the proof of the key event can be rapidly carried out. The method is different from the traditional network data acquisition and recording method in that the data packets are classified and recorded according to the IP protocol family, so that the fast construction of a behavior main line of the network equipment is realized, and further, the key events can be fast inquired. The traditional network data acquisition and recording method can only realize the query of data packets and cannot provide quick and convenient query support for network behaviors.
Drawings
FIG. 1 is a system flow diagram of a network behavior recording method;
fig. 2 is a system flow chart of a network behavior backtracking proof method.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The first embodiment is as follows:
fig. 1 shows a device network behavior recording method according to the present invention, as shown in fig. 1, including the following steps:
step 1: acquiring original network data packets of various devices in a service network in real time;
step 2: classifying and identifying original network data packets according to IP protocol family classification to obtain protocol and management data packets and service application data packets;
and step 3: establishing a protocol interaction characteristic index for each protocol and management data packet according to the protocol context relationship, taking each protocol identifier as a data table name, and storing the protocol and management data packet into a data table of the protocol identifier corresponding to the data packet; and establishing a service link characteristic index for each service application data packet according to the service type and the context relationship, taking each service link identifier as a data table name, and storing the service application data packet into a data table of the service link identifier corresponding to the data packet.
In this embodiment, the protocol interaction feature index is time, an initiator device MAC address, an initiator device IP address, a feedback device MAC address, and a feedback device IP address. The protocol identities are ARP, ICMP, RIP, OSPF, BGP, DHCP, DNS, and SNMP. The service link characteristic index is time, a service network equipment MAC address, a service network equipment IP address, a service network equipment link port, an Internet equipment IP address, an Internet equipment domain name, a transmission protocol (TCP, UDP) and an external network equipment service port, and the service link identifier is an internal network equipment MAC + IP address. Through the classified recording of the network data, as can be seen from the protocol interaction characteristic index and the service link characteristic index, the time, the IP address and the MAC address of the network equipment are related, through the association, and from the data table of the protocol identification and the data table of the service link identification, the protocol, the related data packet and the service application data packet can be subjected to associated mapping, through the recording method, a network behavior main line of each network equipment with the time as a main axis is constructed, and therefore the key event of the network equipment can be rapidly inquired.
In this embodiment, the data table with each protocol identifier as a table name and the data table with each service link identifier as a table name are both stored in a network behavior database, which is a nosql type database.
Example two:
the invention also provides a device for recording the network behavior of the equipment, which uses the method for recording the network behavior of the equipment in the first embodiment and comprises the following modules:
a network data capturing module: the system is used for capturing original network data packets of various devices in a service network in real time;
a packet classification module: the system is used for classifying and identifying the original network data packet according to IP protocol family classification to obtain a protocol and management data packet and a service application data packet;
protocol and management packet processing module: the system comprises a database, a management data packet and a database, wherein the database is used for storing a protocol context relationship;
a service application data packet processing module: the system is used for establishing a service link characteristic index for each service application data packet according to the service type and the context relationship;
the network behavior data management module: the system is used for establishing a network behavior database, creating a data table with each protocol identifier as a data table name and a data table with each service link identifier as a data table name, storing a protocol and management data packet with the protocol interaction characteristics as an index in the data table with the protocol identifier corresponding to the index as the data table name, and storing a service application data packet with the service link characteristics as the index in the data table with the service link identifier corresponding to the index as the data table name.
Because the network data generated by one network device is served for one work in one time period and the network device is served for another work in the next time period, because the network protocol data generated by different works are different, for example, in the interaction process with the external server a, the IP address of the other party in all the network data is the address of the external server a, and when the server B is switched, the IP address is changed to the address of B accordingly, so that the network data can be distinguished. Since these tasks are the behaviors of the network devices, the tasks are arranged in time sequence to form a main line of behavior of the network devices. Therefore, in this embodiment, by constructing the network behavior main line, various operations of the network device can be identified through the recorded network data indexes (the protocol interaction feature index and the service link feature index). Therefore, by using the recording apparatus in this embodiment, the protocol, the associated data packet, and the service application data packet are mapped in an associated manner through the data table of the protocol identifier and the data table of the service link identifier, and a network behavior main line of each network device with time as a main axis is constructed, so that the key event of the network device can be quickly queried.
Example three:
a device network behavior backtracking proof method using the device network behavior recording apparatus in the second embodiment, as shown in fig. 2, includes the following steps:
step 1: and acquiring a protocol and a management data packet related to each network device from the network behavior database, associating the protocol and the management data packet with a service application data packet of the corresponding network device, and obtaining a network behavior main line of each network device by taking time as a main axis. In this embodiment, the network behavior main line is a queue of jobs completed by the network device, and the jobs are distinguished by taking four parameters, i.e., an IP address, a port number, an IP address of an opposite terminal device, and a port number, of the service network device as features and are arranged according to a time sequence.
Step 2: acquiring query conditions of a user, wherein the query conditions are protocols and management data packets corresponding to network equipment, and the query conditions are used for querying the network equipment corresponding to the protocols and the management data packets to be queried from a network behavior database and mapping the network equipment to a network behavior main line of the network equipment;
and step 3: according to the network behavior mainline of the network equipment, the whole process of the external network behavior of the network equipment is traced back, key network events are positioned, the service application data content of the application layer network is extracted, and further the network behavior of the equipment is proved.
In this embodiment, according to the acquired network behavior main line, a work queue completed by the network device within a period of time is obtained, and each work involves three steps of "establishing connection, transmitting data, and disconnecting connection", so that the network behavior can be traced back by constructing the network behavior main line. In addition, the network behavior main line is associated with the management data packet and the service application data packet of the network device corresponding to the management data packet through the protocol, namely, the protocol and the index of the management data packet are associated in the network behavior main line, and the protocol and the management data packet give out all network events in the whole process of the network behavior, so that the key network event can be positioned. Because the index information of the service application data packet is also associated in the network behavior main line, the corresponding service application data content can be extracted.
Example four:
a device network behavior backtracking testifying device uses the device network behavior backtracking testifying method of the third embodiment, and comprises the following modules:
a network behavior main line construction module: the system comprises a network behavior database, a data processing module and a data processing module, wherein the data processing module is used for acquiring a protocol and a management data packet related to each network device from the network behavior database, associating the protocol and the management data packet with a service application data packet of the network device corresponding to the protocol and the management data packet, and obtaining a network behavior main line of each network device by taking time as a main axis;
the query module: the query condition is a network behavior data packet corresponding to the network equipment, the network equipment corresponding to the network behavior data packet to be queried is obtained by querying from a network behavior database and is mapped to a network behavior main line of the network equipment;
backtracking testimony module: the device is used for backtracking the whole process of the external network behavior of the network device according to the network behavior mainline of the network device inquired by the inquiry module, positioning a key network event, extracting the service application data content of an application layer network, and further proving the network behavior of the device.
In this embodiment, since the device network behavior recording apparatus is used, a network behavior main line of a certain network device can be quickly constructed according to the protocols and associated data packets and the service application data packets recorded in the classification, so that when a user queries, the network behavior main line is quickly mapped to the network behavior main line, the whole process of the external network behavior of the network device is traced, and thus the key network event is quickly located.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (9)
1. A method for recording the network behavior of equipment is characterized by comprising the following steps:
step 1: acquiring original network data packets of various devices in a service network in real time;
step 2: classifying and identifying original network data packets according to IP protocol family classification to obtain protocol and management data packets and service application data packets;
and step 3: establishing a protocol interaction characteristic index for each protocol and management data packet according to the protocol context relationship, taking each protocol identifier as a data table name, and storing the protocol and management data packet into a data table of the protocol identifier corresponding to the data packet; and establishing a service link characteristic index for each service application data packet according to the service type and the context relationship, taking each service link identifier as a data table name, and storing the service application data packet into a data table of the service link identifier corresponding to the data packet.
2. The method of claim 1, wherein the protocol interaction feature index is time, initiator device MAC address, initiator device IP address, feedback device MAC address, and feedback device IP address.
3. The method of claim 2, wherein the protocol identifier is ARP, ICMP, RIP, OSPF, BGP, DHCP, DNS, and SNMP.
4. The method according to claim 1, wherein the service link characteristic index is time, service network device MAC address, service network device IP address, service network device link port, internet device IP address, internet device domain name, transport protocol, and extranet device service port.
5. The method according to claim 2, wherein the service link identifier is an intranet device MAC + IP address.
6. The device network behavior recording method according to any one of claims 1 to 5, wherein the data table identified by each protocol as a table name and the data table identified by each service link as a table name are stored in a network behavior database, and the network behavior database is a nosql type database.
7. The device network behavior recording device is characterized by comprising the following modules:
a network data capturing module: the system is used for capturing original network data packets of various devices in a service network in real time;
a packet classification module: the system is used for classifying and identifying the original network data packet according to IP protocol family classification to obtain a protocol and management data packet and a service application data packet;
protocol and management packet processing module: the system comprises a database, a management data packet and a database, wherein the database is used for storing a protocol context relationship;
a service application data packet processing module: the system is used for establishing a service link characteristic index for each service application data packet according to the service type and the context relationship;
the network behavior data management module: the system is used for establishing a network behavior database, creating a data table with each protocol identifier as a data table name and a data table with each service link identifier as a data table name, storing a protocol and management data packet with the protocol interaction characteristics as an index in the data table with the protocol identifier corresponding to the index as the data table name, and storing a service application data packet with the service link characteristics as the index in the data table with the service link identifier corresponding to the index as the data table name.
8. A device network behavior backtracking proof method using the device network behavior recording apparatus of claim 7, comprising the steps of:
step 1: acquiring a protocol and a management data packet related to each network device from a network behavior database, associating the protocol and the management data packet with a service application data packet of the corresponding network device, and obtaining a network behavior main line of each network device by taking time as a main axis;
step 2: acquiring query conditions of a user, wherein the query conditions are protocols and management data packets corresponding to network equipment, and the query conditions are used for querying the network equipment corresponding to the protocols and the management data packets to be queried from a network behavior database and mapping the network equipment to a network behavior main line of the network equipment;
and step 3: according to the network behavior mainline of the network equipment, the whole process of the external network behavior of the network equipment is traced back, key network events are positioned, the service application data content of the application layer network is extracted, and further the network behavior of the equipment is proved.
9. The utility model provides a device is testified to equipment network action backtracking which characterized in that includes following module:
a network behavior main line construction module: the system comprises a network behavior database, a data processing module and a data processing module, wherein the data processing module is used for acquiring a protocol and a management data packet related to each network device from the network behavior database, associating the protocol and the management data packet with a service application data packet of the network device corresponding to the protocol and the management data packet, and obtaining a network behavior main line of each network device by taking time as a main axis;
the query module: the query condition is a network behavior data packet corresponding to the network equipment, the network equipment corresponding to the network behavior data packet to be queried is obtained by querying from a network behavior database and is mapped to a network behavior main line of the network equipment;
backtracking testimony module: the device is used for backtracking the whole process of the external network behavior of the network device according to the network behavior mainline of the network device inquired by the inquiry module, positioning a key network event, extracting the service application data content of an application layer network, and further proving the network behavior of the device.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210228755.1A CN114338244B (en) | 2022-03-10 | 2022-03-10 | Equipment network behavior classification recording method and device and backtracking evidence-proving method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210228755.1A CN114338244B (en) | 2022-03-10 | 2022-03-10 | Equipment network behavior classification recording method and device and backtracking evidence-proving method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114338244A true CN114338244A (en) | 2022-04-12 |
| CN114338244B CN114338244B (en) | 2022-05-20 |
Family
ID=81033467
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210228755.1A Active CN114338244B (en) | 2022-03-10 | 2022-03-10 | Equipment network behavior classification recording method and device and backtracking evidence-proving method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114338244B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2024120020A1 (en) * | 2022-12-05 | 2024-06-13 | 中兴通讯股份有限公司 | Data processing method, apparatus, and device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130014253A1 (en) * | 2011-07-06 | 2013-01-10 | Vivian Neou | Network Protection Service |
| CN106506242A (en) * | 2016-12-14 | 2017-03-15 | 北京东方棱镜科技有限公司 | A kind of Network anomalous behaviors and the accurate positioning method and system of flow monitoring |
| CN110012019A (en) * | 2019-04-11 | 2019-07-12 | 鸿秦(北京)科技有限公司 | A kind of network inbreak detection method and device based on confrontation model |
| CN110430191A (en) * | 2019-08-06 | 2019-11-08 | 合肥优尔电子科技有限公司 | Safe early warning method and device in dispatch data net based on protocol identification |
| US20210229199A1 (en) * | 2018-10-17 | 2021-07-29 | Leonardo S.P.A. | Method and tool for reconditioning a damaged thread |
| CN113242208A (en) * | 2021-04-08 | 2021-08-10 | 电子科技大学 | Network situation analysis system based on network flow |
-
2022
- 2022-03-10 CN CN202210228755.1A patent/CN114338244B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130014253A1 (en) * | 2011-07-06 | 2013-01-10 | Vivian Neou | Network Protection Service |
| CN106506242A (en) * | 2016-12-14 | 2017-03-15 | 北京东方棱镜科技有限公司 | A kind of Network anomalous behaviors and the accurate positioning method and system of flow monitoring |
| US20210229199A1 (en) * | 2018-10-17 | 2021-07-29 | Leonardo S.P.A. | Method and tool for reconditioning a damaged thread |
| CN110012019A (en) * | 2019-04-11 | 2019-07-12 | 鸿秦(北京)科技有限公司 | A kind of network inbreak detection method and device based on confrontation model |
| CN110430191A (en) * | 2019-08-06 | 2019-11-08 | 合肥优尔电子科技有限公司 | Safe early warning method and device in dispatch data net based on protocol identification |
| CN113242208A (en) * | 2021-04-08 | 2021-08-10 | 电子科技大学 | Network situation analysis system based on network flow |
Non-Patent Citations (3)
| Title |
|---|
| YUNG-FA HUANG: "《Traffic Classification of QoS Types Based on Machine Learning Combined with IP Query and Deep Packet Inspection》", 《2020 14TH INTERNATIONAL CONFERENCE ON SIGNAL PROCESSING AND COMMUNICATION SYSTEMS (ICSPCS)》 * |
| 唐志斌: "网络数据采集及安全审计技术研究综述", 《网络新媒体技术》 * |
| 张建平等: "一种基于流量与日志的专网用户行为分析方法", 《信息安全研究》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2024120020A1 (en) * | 2022-12-05 | 2024-06-13 | 中兴通讯股份有限公司 | Data processing method, apparatus, and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114338244B (en) | 2022-05-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114584401B (en) | Tracing system and method for large-scale network attack | |
| US10547674B2 (en) | Methods and systems for network flow analysis | |
| US9537825B2 (en) | Geographic filter for regulating inbound and outbound network communications | |
| US7555550B2 (en) | Asset tracker for identifying user of current internet protocol addresses within an organization's communications network | |
| US20080144655A1 (en) | Systems, methods, and computer program products for passively transforming internet protocol (IP) network traffic | |
| CN105207853A (en) | Local area network monitoring management method | |
| CN111556132B (en) | Method and system for generating intelligent defense schematic diagram for industrial Internet of things | |
| CN114338244B (en) | Equipment network behavior classification recording method and device and backtracking evidence-proving method and device | |
| US7907543B2 (en) | Apparatus and method for classifying network packet data | |
| CN101741628A (en) | Application layer service analysis-based network flow analysis method | |
| CN110855493A (en) | Application topological graph drawing device for mixed environment | |
| CN115865525B (en) | Log data processing method, device, electronic equipment and storage medium | |
| CN115883223A (en) | User risk portrait generation method and device, electronic equipment and storage medium | |
| CN107360271B (en) | Method, system and equipment for acquiring network equipment information and automatically segmenting IP address | |
| CN112653657A (en) | Network data analysis and fusion method, system, electronic equipment and storage medium | |
| CN116708253B (en) | Equipment identification method, device, equipment and medium | |
| CN111698110B (en) | Network equipment performance analysis method, system, equipment and computer medium | |
| CN115514579B (en) | Method and system for realizing service identification based on IPv6 address mapping flow label | |
| Tsai et al. | WhatsApp network forensics: Discovering the communication payloads behind cybercriminals | |
| CN107295009A (en) | A kind of method for bypassing audit sqlserver link informations | |
| KR102318686B1 (en) | Improved method for sequrity employing network | |
| Shi et al. | Checking network security policy violations via natural language questions | |
| CN114579961A (en) | Sensitive data identification method based on multi-industry detection rules and related device | |
| CN111901179A (en) | Method and system for managing Internet of things equipment | |
| CN111144504B (en) | Software mirror image flow identification and classification method based on PCA algorithm |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240716 Address after: 230000 Room 420, Building A4, Zhong'an Chuanggu Science and Technology Park Phase I, No. 900 Wangjiang West Road, High tech Zone, Hefei City, Anhui Province Patentee after: Hefei Huaxin Technology Co.,Ltd. Country or region after: China Address before: 215000 unit g1-701, No. 88, Jinjihu Avenue, Suzhou Industrial Park, Suzhou City, Jiangsu Province Patentee before: EDGE INTELLIGENCE OF CAS Co.,Ltd. Country or region before: China |
|
| TR01 | Transfer of patent right |